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Step-By-Step: How to audit file and folder access to improve ... 
... Enabling auditing Before you can audit file and folder access, you must 
enable ... Cisco Storage Networking Blueprint Cisco Systems | PDF; Cisco 
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File Format: PDF/Adobe Acrobat - View as HTML 
... Network security seems to become much more important in recent 
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NerveCenter 3.8 Announcement 

... (Open), the leader in network security management software ... Based on finite state 
machine theory and extensible using PERL, the industry-standard scripting ... 
www.open.com/news/021202.shtml - 24k - C ac h ed - Si m i l ar pages 
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... UNIX kernels, TCP/IP internals, O/S and network security products, Internet e ... Built 

the first complete finite state machine (FSM) characterization and formal ... 

www.nsli.com/resume.htm - 20k - Cac h ed - S imi l ar pages 

Hardware holds value for classifying packets 

... Network security has become increasingly important as a way to protect the ... graph 
and using the software implementation of a finite-state machine to locate the ... 

www.eetimes.com/ printabieArticle?doc_id=OEG20031 125S0046 - 8k - Cached - 
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... My research interests lie in the area of network security for wireless ... Other interests 
include fault detection, Finite State Machine modeling and Hidden Markov ... 
www.glue.umd.edu/-svetlana/resume.html - 18k - Ca c hed - S i mi l a r pag e s 
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overflow attacks and we developed Finite State Machine models for various ... 
www.glue.umd.edu/-svetlana/research.html - 9k - Cac h e d - S i m ilar pages 

research 

... Network Security. ... In the first project we develop a finite-state machine based 
approach for the formal verification of various authentication protocols that has ... 
engr.smu.edu/-nair/research.htm! - 4k - Cached - Similar pag es 
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... transmission (stop-and-wait, sliding window) 02/24: Finite state machine; Go-back ... 
MPEG) 03/26: Multimedia networking applications, ARP Network Security (2 hours ... 
www.cse.lehigh.edu/-cheng/Teaching/ CSE398/schedule.html - 6k - C ached - 
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SAFKASI: a security mechanism for language-based systems 

Dan S. Wallach , Andrew W. Appel , Edward W. Felten 

ACM Transactions on Software Engineering and Methodology (TOSEM) October 
2000 

Volume 9 Issue 4 

In order to run untrusted code in the same process as trusted code, there must be a 
mechanism to allow dangerous calls to determine if their caller is authorized to 
exercise the privilege of using the dangerous routine. Java systems have adopted a 
technique called stack inspection to address this concern. But its original definition, in 
terms of searching stack frames, had an unclear relationship to the actual 
achievement of security, overconstrained the implementation of a Java system, Mm ... 
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2 An efficient and lightweight embedded Web server for Web-based 
2) network element management 

Hong-Taek Ju , Mi-Joung Choi , James W. Hong 

International Journal of Network Management September 2000 

Volume 10 Issue 5 

An Embedded Web Server &lpar;EWS&rpar; is a Web server which runs on an 
embedded system with limited computing resources to serve embedded Web 
documents to a Web browser. By embedding a Web server into a network device, it is 
possible to provide a Web&hyphen;based management user interface, which are 
user&hyphen;friendly, inexpensive, cross&hyphen; platform, and 
network&hyphen; ready. This article explores the topic of an efficient and lightweight 
embedded Web server for Web&hyphen; based netw ... 
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Joseph D. Touch 

— ACM SIGCOMM Computer Communication Review , Proceedings of the conference 
on Applications, technologies, architectures, and protocols for computer 
communication October 1995 
Volume 25 Issue 4 

MD5 is an authentication algorithm proposed as the required implementation of the 
authentication option in IPv6. This paper presents an analysis of the speed at which 
MD5 can be implemented in software and hardware, and discusses whether its use 
interferes with high bandwidth networking. The analysis indicates that MD5 software 
currently runs at 85 Mbps on a 190 Mhz RISC architecture, a rate that cannot be 
improved more than 20-40%. Because MD5 processes the entire body of a packet, this 
data ra ... 



4 Strategic directions in research in theory of computing 88% 
Cft Michael C Loui 

— ACM Computing Surveys (CSUR) December 1996 
Volume 28 Issue 4 



5 A type system for expressive security policies 87% 

David Walker 

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of 

programming languages January 2000 

Certified code is a general mechanism for enforcing security properties. In this 
paradigm, untrusted mobile code carries annotations that allow a host to verify its 
trustworthiness. Before running the agent, the host checks the annotations and proves 
that they imply the hosts security policy. Despite the flexibility of this scheme, so far, 
compilers that generate certified code have focused on simple type safety properties 
rather than more general security properties. 



6 Temporal sequence learning and data reduction for anomaly detection 87% 

Terran Lane , Carla E. Brodley 

ACM Transactions on Information and System Security (TISSEC) August 1999 
Volume 2 Issue 3 

The anomaly-detection problem can be formulated as one of learning to characterize 
the behaviors of an individual, system, or network in terms of temporal sequences of 
discrete data. We present an approach on the basis of instance-based learning (IBL) 
techniques. To cast the anomaly-detection task in an IBL framework, we employ an 
approach that transforms temporal sequences of discrete, unordered observations into 
a metric space via a similarity measure that encodes intra-attribute depende ... 



7 PELLPACK: a problem-solving environment for PDE-based applications 87% 
[J on multicomputer platforms 

E. N. Houstis , J. R. Rice , S. Weerawarana , A. C. Catlin , P. Papachiou , K.-Y. Wang , M. 
Gaitatzes 

ACM Transactions on Mathematical Software (TOMS) March 1998 
Volume 24 Issue 1 

The article presents the software architecture and implementation of the problem- 
solving environment (PSE) PELLPACK for modeling physical objects described by 
partial differential equations (PDEs). The scope of this PSE is broad, as PELLPACK 
incorporates many PDE solving systems, and some of these, in turn, include several 
specific PDE solving methods. Its coverage for ID, 2D. and 3D elliptic or parabolic 
problems is quite broad, and it handles some hyperbolic problems, Since a PSE should 
p ... 



http://portalpv.acm.org/res^^ 



4/2/04 



Results 



Page 3 of 5 



8 Curriculum recommendations for undergraduate programs in 85% 
information systems 
J. Daniel Couger 

Communications of the ACM December 1973 
Volume 16 Issue 12 



9 Distributed systems - programming and management: On remote 85% 
2) procedure call 
Patricia Gomes Soares 

Proceedings of the 1992 conference of the Centre for Advanced Studies on 

Collaborative research - Volume 2 November 1992 

The Remote Procedure Call (RPC) paradigm is reviewed. The concept is described, 
along with the backbone structure of the mechanisms that support it. An overview of 
works in supporting these mechanisms is discussed. Extensions to the paradigm that 
have been proposed to enlarge its suitability, are studied. The main contributions of 
this paper are a standard view and classification of RPC mechanisms according to 
different perspectives, and a snapshot of the paradigm in use today and of goals for 
t ... 



10 The development and proof of a formal specification for a multilevel 85% 
12 secure system 

Janice I. Glasgow , Glenn H. MacEwen 

ACM Transactions on Computer Systems (TOCS) March 1987 
Volume 5 Issue 2 

This paper describes current work on the design and specification of a multilevel 
secure distributed system called SNet. It discusses security models in general, the 
various problems of information flows in SNet, and the abstract and concrete security 
model components for SNet. It also introduces Lucid as a language for specifying 
distributed systems. The model components are expressed in Lucid; these Lucid partial 
specifications are shown to be correct with respect to the formal model, and ... 



11 Using a coordination language to specify and analyze systems 85% 
containing mobile components 

P. Ciancarini , F. Franze , C. Mascolo 

ACM Transactions on Software Engineering and Methodology (TOSEM) April 2000 
Volume 9 Issue 2 

New computing paradigms for network-aware applications need specification 
languages able to deal with the features of mobile code-based systems. A coordination 
language provides a formal framework in which the interaction of active entities can be 
expressed. A coordination language deals with the creation and destruction of code or 
complex agents, their communication activites, as well as their distribution and 
mobility in space. We show how the coordination language PoliS offers a flexible ... 



12 Computing as a discipline 84% 

Lft D. E. Comer , David Gries , Michael C. Mulder , Allen Tucker , A. Joe Turner , Paul R. 
— Young 

Communications of the ACM February 1989 
Volume 32 Issue 1 

The final report of the Task Force on the Core of Computer Science presents a new 
intellectual framework for the discipline of computing and a new basis for computing 
curricula. This report has been endorsed and approved for release by the ACM 
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3L3 Curriculum recommendations for graduate professional programs in 84% 
information systems 

Communications of the ACM May 1972 
Volume 15 Issue 5 

14 Curriculum 78: recommendations for the undergraduate program in 83% 
Qj computer science— a report of the ACM curriculum committee on 
computer science 

Richard H. Austing , Bruce H. Barnes , Delia T. Bonnette , Gerald L. Engel , Gordon Stokes 
Communications of the ACM March 1979 
Volume 22 Issue 3 

Contained in this report are the recommendations for the undergraduate degree 
program in Computer Science of the Curriculum Committee on Computer Science 
(C3S) of the Association for Computing Machinery (ACM). The core curriculum 
common to all computer science undergraduate programs is presented in terms of 
elementary level topics and courses, and intermediate level courses. Elective courses, 
used to round out an undergraduate program, are then discussed, and ... 



IB Formal methods: state of the art and future directions 83% 
Edmund M. Clarke , Jeannette M. Wing 
ACM Computing Surveys (CSUR) December 1996 
Volume 28 Issue 4 



3L6 Anonymous credit cards 83% 

Steven H. Low , Sanjoy Paul , Nicholas F. Maxemchuk 

Proceedings of the 2nd ACM Conference oh Computer and communications 

security November 1994 

This paper describes a communications networking technique for funds transfer which 
combines the privacy of cash transactions with the security, record-keeping and 
charging mechanisms of credit cards. The scheme uses a communications network and 
cryptographic protocols to separate information. The company that extends credit to 
the individual and collects the bill does not have access to the specific purchases, and 
the shop that sells the merchandise is convinced that it will be paid withou ... 



17 Proofs that yield nothing but their validity or all languages in NP have 83% 
13 zero-knowledge proof systems 

Oded Goldreich , Silvio Micali , Avi Wigderson 
Journal of the ACM (3ACM) July 1991 
Volume 38 Issue 3 

IB Improving the aircraft design process using Web-based modeling and 83% 
2) simulation 

John A. Reed , Gregory J. Follen , Abdollah A. Afjeh 

ACM Transactions on Modeling and Computer Simulation (TOMACS) January 2000 
Volume 10 Issue 1 

Designing and developing new aircraft systems is time-consuming and expensive. 
Computational simulation is a promising means for reducing design cycle times, but 
requires a flexible software environment capable of integrating advanced 
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multidisciplinary and multifidelity analysis methods, dynamically managing data acros 
heterogeneous computing platforms, and distributing computationally complex tasks. 
Web-based simulation, with its emphasis on collaborative composition of simulation 
models, ... 

19 Fast detection of communication patterns in distributed executions 
[^j Thomas Kunz , Michiel F. H. Seuren 

— Proceedings of the 1997 conference of the Centre for Advanced Studies on 
Collaborative research November 1997 

Understanding distributed applications is a tedious and difficult task. Visualizations 
based on process-time diagrams are often used to obtain a better understanding of 
the execution of the application. The visualization tool we use is Poet, an event tracer 
developed at the University of Waterloo. However, these diagrams are often very 
complex and do not provide the user with the desired overview of the application. In 
our experience, such tools display repeated occurrences of non-trivial commun ... 



20 m-EVES: A tool for verifying software 

f^j D. Craigen , S. Kromodimoeljo , I. Meisels , A. Neilson , B. Pase , M. Saaltink 
— Proceedings of the 10th international conference on Software engineering April 
1988 

This paper describes the development of a new tool for formally verifying software. 
The tool is called m-EVES and consists of a new language, called m-Verdi, for 
implementing and specifying software; a new logic, which has been proven sound; and 
a new theorem prover, called m-NEVER, which integrates many state-of-the-art 
techniques drawn from the theorem proving literature. Two simple examples are used 
to present the fundamental ideas embodied within the system. 
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1 Real-time protocol analysis for detecting link-state routing protocol 
2) attacks 

Ho-Yen Chang", S. Felix Wu , Y. Frank Jbu 

ACM Transactions on Information and System Security (TISSEC) February 2001 
Volume 4 Issue 1 

A real-time knowledge-based network intrusion-detection model for a link-state 
routing protocol is presented for the OSPF protocol. This model includes three layers: 
data process layer to parse packets and dispatch data; and event abstractor to 
abstract predefined real-time events for the link-state routing protocol; and an 
extended timed finite state machine to express the real-time behavior of the protocol 
engine and to ... 



98% 
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SAFKASI: a security mechanism for language-based systems 

Dan S. Wallach , Andrew W. Appel , Edward W. Felten 

ACM Transactions on Software Engineering and Methodology (TOSEM) October 
2000 

Volume 9 Issue 4 

In order to run untrusted code in the same process as trusted code, there must be a 
mechanism to allow dangerous calls to determine if their caller is authorized to 
exercise the privilege of using the dangerous routine. Java systems have adopted a 
technique called stack inspection to address this concern. But its original definition, in 
terms of searching stack frames, had an unclear relationship to the actual 
achievement of security, overconstrained the implementation of a Java system, lim ... 
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Journal on Educational Resources in Computing (JERIC) September 2001 
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4 Termination in language-based systems 89% 
Algis Rudys , Dan S. Wallach 

— ACM Transactions on Information and System Security (TXSSEC) May 2002 
Volume 5 Issue 2 

Language run-time systems are increasingly being embedded in systems to support 
run-time extensibility via mobile code. Such systems raise a number of concerns when 
the code running in such systems is potentially buggy or untrusted. Although 
sophisticated access controls have been designed for mobile code and are shipping as 
part of commercial systems such as Java, there is no support for terminating mobile 
code short of terminating the entire language run-time. This article presents a c ... 

5 Simple, state-based approaches to program-based anomaly detection 88% 

C. C. Michael , Anup Ghosh 

— ACM Transactions on Information and System Security (TXSSEC) August 2002 
Volume 5 Issue 3 

This article describes variants of two state-based intrusion detection algorithms from 
Michael and Ghosh [2000] and Ghosh et al. [2000], and gives experimental results on 
their performance. The algorithms detect anomalies in execution audit data. One is a 
simply constructed finite-state machine, and the other two monitor statistical 
deviations from normal program behavior. The performance of these algorithms is 
evaluated as a function of the amount of available training data, and they are 
compar ... 



© Session 1: creative mathematics: Model-Carrying Code (MCC): a new 88% 
2] paradigm for mobile-code security 

R. Sekar , C. R. Ramakrishnan , I. V. Ramakrishnan , S. A. Smolka 
[Proceedings of the 2001 workshop on New security paradigms September 2001 
A new approach for ensuring the security of- mobile code is proposed. Our approach 
enables a mobile-code consumer to understand and formally reason about what a 
piece of mobile code can do; check if the actions of the code are compatible with 
his/her security policies; and, if so, execute the code. The compatibility-checking 
process is automated, but if there are conflicts, consumers have the opportunity to 
refine their policies, taking into account the functionality provided by the mobile code. 



7 Intrusion detection: Specification-based anomaly detection: a new 88% 
2) approach for detecting network intrusions 

R. Sekar , A. Gupta , J. Frullo , T. Shanbhag , A. Tiwari , H. Yang , S. Zhou 
Proceedings of the 9th ACM conference on Computer and communications 
security November 2002 

Unlike signature or misuse based intrusion detection techniques, anomaly detection is 
capable of detecting novel attacks. However, the use of anomaly detection in practice 
is hampered by a high rate of false alarms. Specification-based techniques have been 
shown to produce a low rate of false alarms, but are not as effective as anomaly 
detection in detecting novel attacks, especially when it comes to network probing and 
denial-of-service attacks. This paper presents a new approach that combines ... 

8 An efficient and lightweight embedded Web server for Web-based 88% 
Qj network element management 

Hong-Taek Ju , Mi-Joung Choi , James W. Hong 

International Journal of Network (Management September 2000 
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Volume 10 Issue 5 

An Embedded Web Server &lpar;EWS&rpar; is a Web server which runs on an 
embedded system with limited computing resources to serve embedded Web 
documents to a Web browser. By embedding a Web server into a network device, it is 
possible to provide a Web&hyphen; based management user interface, which are 
user&hyphen;friendly, inexpensive, cross&hyphen; platform, and 
network&hyphen; ready. This article explores the topic of an efficient and lightweight 
embedded Web server for Web&hyphen; based netw ... 



9 Performance analysis of MD5 88% 

[A Joseph D. Touch 

— ACM SIGCOMM Computer Communication Review , Proceedings of the conference 
on Applications, technologies, architectures, and protocols for computer 
communication October 1995 
Volume 25 Issue 4 

MD5 is an authentication algorithm proposed as the required implementation of the 
authentication option in IPv6. This paper presents an analysis of the speed at which 
MD5 can be implemented in software and hardware, and discusses whether its use 
interferes with high bandwidth networking. The analysis indicates that MD5 software 
currently runs at 85 Mbps on a 190 Mhz RISC architecture, a rate that cannot be 
improved more than 20-40%. Because MD5 processes the entire body of a packet, this 
data ra ... 



10 Strategic directions in research in theory of computing 88% 

£<h Michael C Loui 

— ACM Computing Surveys (CSUR) December 1996 
Volume 28 Issue 4 



11 A type system for expressive security policies 87% 
□h David Walker 

— Proceedings of the 27th ACM SIG PLAN -SIG ACT symposium on Principles of 
programming languages January 2000 

Certified code is a general mechanism for enforcing security properties. In this 
paradigm, untrusted mobile code carries annotations that allow a host to verify its 
trustworthiness. Before running the agent, the host checks the annotations and proves 
that they imply the host's security policy. Despite the flexibility of this scheme, so far, 
compilers that generate certified code have focused on simple type safety properties 
rather than more general security properties. 



12 Temporal sequence learning and data reduction for anomaly detection 87% 

Qj Terran Lane , Carla E. Brodley 

— ACM Transactions on Information and System Security (TISSEC) August 1999 
Volume 2 Issue 3 

The anomaly-detection problem can be formulated as one of learning to characterize 
the behaviors of an individual, system, or network in terms of temporal sequences of 
discrete data. We present an approach on the basis of instance-based learning (IBL) 
techniques. To cast the anomaly-detection task in an IBL framework, we employ an 
approach that transforms temporal sequences of discrete, unordered observations into 
a metric space via a similarity measure that encodes intra-attribute depende ... 



13 PELLPACK: a problem-solving environment for PDE-based applications 87% 
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E. N. Houstis , J. R. Rice , S. Weerawarana , A. C. Catlin , P. Papachiou , K.-Y. Wang , M. 
Gaitatzes 

ACM Transactions on Mathematical Software (TOMS) March 1998 
Volume 24 Issue 1 

The article presents the software architecture and implementation of the problem- 
solving environment (PSE) PELLPACK for modeling physical objects described by 
partial differential equations (PDEs). The scope of this PSE is broad, as PELLPACK 
incorporates many PDE solving systems, and some of these, in turn, include several 
specific PDE solving methods. Its coverage for ID, 2D. and 3D elliptic or parabolic 
problems is quite broad, and it handles some hyperbolic problems, Since a PSE should 
p ... 



3L4 Session 2: secure Web services: Designing a distributed access control 85% 
2j processor for network services on the Web 

Reiner Kraft 

Proceedings off the 2002 ACM workshop on XML security November 2002 

The service oriented architecture (SOA) is gaining more momentum with the advent of 
network services on the Web. A programmable and machine accessible Web is the 
vision of many,and might represent a step towards the semantic Web. However, 
security is a crucial requirement for the serious usage and adoption of the Web 
services technology. This paper enumerates design goals for an access control model 
for Web services. It then introduces an abstract general model for Web services 
components, along ... 



15 Curriculum recommendations for undergraduate programs in 85% 
12 information systems 

J. Daniel Couger 

Communications of the ACM December 1973 
Volume 16 Issue 12 

16 Distributed systems - programming and management: On remote 85% 
12 procedure call 

Patricia Gomes Soares 

Proceedings off the 5L992 conference off the Centre for Advanced Studies on 

Collaborative research - Volume 2 November 1992 

The Remote Procedure Call (RPC) paradigm is reviewed. The concept is described, 
along with the backbone structure of the mechanisms that support it. An overview of 
works in supporting these mechanisms is discussed. Extensions to the paradigm that 
have been proposed to enlarge its suitability, are studied. The main contributions of 
this paper are a standard view and classification of RPC mechanisms according to 
different perspectives, and a snapshot of the paradigm in use today and of goals for 
t ... 



17 Survivability analysis of networked systems 85% 
[^j Somesh Jha , Jeannette M. Wing 

Proceedings off the 23rd international conference on Software engineering July 

2001 

Survivability is the ability of a system to continue operating despite the presence of 
abnormal events such as failures and intrusions. Ensuring system survivability has 
increased in importance as critical infrastructures have become heavily dependent on 
computers. In this paper we present a systematic method for performing survivability 
analysis of networked systems. An architect injects failure and intrusion events into a 
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system model and then visualizes the effects of the injected event ... 



IB An Internet multicast system for the stock market 85% 

ACM Transactions on Computer Systems (TOCS) August 2001 
— Volume 19 Issue 3 

We are moving toward an international, 24-hour, distributed, electronic stock 
exchange. The exchange will use the global Internet, or internet technology. This 
system is a natural application of multicast because there are a large number of 
receivers that should receive the same information simultaneously. The data 
requirements for the stock exchange are discussed. The current multicast protocols 
lack the reliability, fairness, and scalability needed in this application. We describe a 
distr ... 



19 The development and proof of a formal specification for a multilevel 85% 
12 secure system 

Janice I. Glasgow , Glenn H. MacEwen 

ACM Transactions on Computer Systems (TOCS) March 1987 
Volume 5 Issue 2 

This paper describes current work on the design and specification of a multilevel 
secure distributed system called SNet. It discusses security models in general, the 
various problems of information flows in SNet, and the abstract and concrete security 
model components for SNet. It also introduces Lucid as a language for specifying 
distributed systems. The model components are expressed in Lucid; these Lucid partial 
specifications are shown to be correct with respect to the formal model, and ... 



2© Verifying security protocols as planning in logic programming 85% 

C<h Luigia Carlucci Aiello , Fabio Massacci 

— ACM Transactions on Computational Logic (TOCL) October 2001 
Volume 2 Issue 4 

We illustrate ALSP (Action Language for Security Protocol), a declarative executable 
specification language for planning attacks to security protocols. ALSP is based on logic 
programming with negation as failure, and with stable model semantics. In ALSP we 
can give a declarative specification of a protocol with the natural semantics of send 
and receive actions which can be performed in parallel. By viewing a protocol trace as 
a plan to a ... 
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As part of the paper(s) required for the course, students will submit a one page proposed outline of their 
paper as scheduled on the course calendar. The outline should highlight the paper's topic and detail the 
approach the student will take in presenting the material. An average outline s provided below as a 
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Required Length: One page 

Format: Outline 

Submission method: Email. The subject of the email must be "Paper Outline". The outline will be 
within the body of the email. No attachments will be accepted. 

Sample Outline: Paper Outline for "Impact of Protocol Interaction on Verifying Protocols". 

(.Introduction and Background 

A. Need for Network Security 

B. Security Protocols for Network Security 

C. Need for Verifying Security Protocols 

II. Verifying Security Protocols 

A. Testing of Security Protocols 

B. Application of Formal Methods to verify Security 
Protocols 

1. Use of methods based on State Machines 

2. Use of methods based on Modal Logic 

C. Other Methods to verify Security Protocols 

III. Protocol Interaction 

A. What is Protocol Interaction? 

B. Why do Protocol Interactions Occur? 

C. Examples of Protocol Interactions 

D. Attacks based on Protocol Interactions 

IV. Impacts of Protocol Interaction 

A. Impact on the verification of Protocols 

B. Issues to be considered 

C. Design principles to be followed 

V. Conclusion 

VI. Bibliography 
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1 Intrusion detection: Mimicry attacks on host-based intrusion detection 84% 
2) systems 

David Wagner , Paolo Soto 

Proceedings of the 9th ACM conference on Computer and communications 

security November 2002 

We examine several host-based anomaly detection systems and study their security 
against evasion attacks. First, we introduce the notion of a mimicry attack, which 
allows~a sophisticated attacker to cloak their intrusion to avoid detection by the IDS. 
Then, we develop a theoretical framework for evaluating the security of an IDS against 
mimicry attacks. We show how to break the security of one published IDS with these 
methods, and we experimentally confirm the power of mimicry attacks by ... 

2 Industrial/government track: Towards NIC-based intrusion detection 80% 

kfe M. Otey , S. Parthasarathy , A. Ghoting , G. Li , S. Narravula , D. Panda 
— Proceedings of the ninth ACM SIGKDD international conference on Knowledge 
discovery and data mining August 2003 

We present and evaluate a NIC-based network intrusion detection system. Intrusion 
detection at the NIC makes the system potentially tamper-proof and is naturally 
extensible to work in a distributed setting. Simple anomaly detection and signature 
detection based models have been implemented on the NIC firmware, which has its 
own processor and memory. We empirically evaluate such systems from the 
perspective of quality and performance (bandwidth of acceptable messages) under 
varying conditions of ... 

3 Defensive technology: Detection of injected, dynamically generated, and 80% 
2) obfuscated malicious code 

Jesse C. Rabek , Roger I. Khazan , Scott M. Lewandowski , Robert K. Cunningham 
Proceedings of the 2003 ACM workshop on Rapid Malcode October 2003 
This paper presents DOME, a host-based technique for detecting several general 
classes of malicious code in software executables. DOME uses static analysis to 
identify the locations (virtual addresses) of system calls within the software 
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executables, and then monitors the executables at runtime to verify that every 
observed system call is made from a location identified using static analysis. The 
power of this technique is that it is simple, practical, applicable to real-world software, 
and high ... 

4 Intrusion detection and response: An empirical analysis of NATE: 80% 
Network Analysis of Anomalous Traffic Events 

Carol Taylor , Jim Alves-Foss 

Proceedings of the 2002 workshop on New security paradigms September 2002 
This paper presents results of an empirical analysis of NATE (Network Analysis of 
Anomalous Traffic Events), a lightweight, anomaly based intrusion detection tool. 
Previous work was based on the simulated Lincoln Labs data set. Here, we show that 
NATE can operate under the constraints of real data inconsistencies. In addition, new 
TCP sampling and distance methods are presented. Differences between real and 
simulated data are discussed in the course of the analysis. 

5 Industry track papers: Learning nonstationary models of normal 80% 
2) network traffic for detecting novel attacks 

Matthew V. Mahoney , Philip K. Chan 

Proceedings of the eighth ACM SIGKDD international conference on Knowledge 

discovery and data mining July 2002 

Traditional intrusion detection systems (IDS) detect attacks by comparing current 
behavior to signatures of known attacks. One main drawback is the inability of 
detecting new attacks which do not have known signatures. In this paper we propose a 
learning algorithm that constructs models of normal behavior from attack-free network 
traffic. Behavior that deviates from the learned normal model signals possible novel 
attacks. Our IDS is unique in two respects. First, it is nonstationary, modeling pr ... 

6 Special section on data mining for intrusion detection and threat 80% 
2) analysis: Detection and classification of intrusions and faults using 

sequences of system calls 

Joao B. D. Cabrera , Lundy Lewis , Raman K. Mehra 
ACM SIGMOD Record December 2001 
Volume 30 Issue 4 

This paper investigates the use of sequences of system calls for classifying intrusions 
and faults induced by privileged processes in Unix. Classification is an essential 
capability for responding to an anomaly (attack or fault), since it gives the ability to 
associate appropriate responses to each anomaly type. Previous work using the well 
known dataset from the University of New Mexico (UNM) has demonstrated the 
usefulness of monitoring sequences of system calls for detecting anomalies induced ... 

7 Intrusion detection: Specification-based anomaly detection: a new 80% 
approach for detecting network intrusions 

R. Sekar , A. Gupta , J. Frullo , T. Shanbhag , A. Tiwari , H. Yang , S. Zhou 
Proceedings of the 9th ACM conference on Computer and communications 
security November 2002 

Unlike signature or misuse based intrusion detection techniques, anomaly detection is 
capable of detecting novel attacks. However, the use of anomaly detection in practice 
is hampered by a high rate of false alarms. Specification-based techniques have been 
shown to produce a low rate of false alarms, but are not as effective as anomaly 
detection in detecting novel attacks, especially when it comes to network probing and 
denial-of-service attacks. This paper presents a new approach that combines ... 
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8 Computer security: Learning temporal patterns for anomaly intrusion 80% 

12 detection 

Alexandr Seleznyov , Oleksiy Mazheiis 

Proceedings of the 2002 ACM symposium on Applied computing March 2002 
For the last decade an explosive spread of computer systems and computer networks 
has resulted in a society that is increasingly dependent on information stored on these 
systems. A computer system connected to the network is accessible from another 
computer in this network regardless of its geographical position. Along with providing 
many benefits for legitimate users this technology creates almost unlimited 
opportunities for malicious persons, which using software vulnerabilities may 
successful ... 



9 Simple, state-based approaches to program-based anomaly detection 80% 

Cft C. C Michael , Anup Ghosh 

— ACM Transactions on Information and System Security (TISSEC) August 2002 
Volume 5 Issue 3 

This article describes variants of two state-based intrusion detection algorithms from 
Michael and Ghosh [2000] and Ghosh et al. [2000], and gives experimental results on 
their performance. The algorithms detect anomalies in execution audit data. One is a 
simply constructed finite-state machine, and the other two monitor statistical 
deviations from normal program behavior. The performance of these algorithms is 
evaluated as a function of the amount of available training data, and they are 
compar ... 



10 A high-performance network intrusion detection system 77% 

Q| R. Sekar , Y. Guang , S. Verma , T. Shanbhag 

Proceedings of the 6th ACM conference on Computer and communications 
security November 1999 „ _ _ — ^ _ ^ — ■ 

In this paper we present a new approach for network intrusion detection based on 
concise specifications that characterize normal and abnormal network packet 
sequences. Our specification language is geared for a robust network intrusion 
detection by enforcing a strict type discipline via a combination of static and dynamic 
type checking. Unlike most previous approaches in network intrusion detection, our 
approach can easily support new network protocols as information relating to the 
protoco ... 
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1 Safely executing untrusted code: Model-carrying code: a practical 88% 
2) approach for safe execution of untrusted applications 

R. Sekar , V.N. Venkatakrishnan , Samik Basu , Sandeep Bhatkar , Daniel C. DuVarney 
Proceedings of the nineteenth ACM symposium on Operating systems principles 

October 2003 

This paper presents a new approach called model-carrying code (MCC) for safe 
execution of untrusted code. At the heart of MCC is the idea that untrusted code 
comes equipped with <f concise high-level model of its security-relevant behavior. This 
model helps bridge the gap between high-level security policies and low-level binary 
code, thereby enabling analyses which would otherwise be impractical. For instance, 
users can use a fully automated verification procedure to determine if the code ... 



2 BlueBoX: A policy-driven, host-based intrusion detection system 87% 
Suresh N. Chari , Pau-Chen Cheng 

ACM Transactions on Information and System Security (TISSEC) May 2003 
Volume 6 Issue 2 

Detecting attacks against systems has, in practice, largely been delegated to sensors, 
such as network intrustion detection systems. However, due to the inherent limitations 
of these systems and the increasing use of encryption in communication, intrusion 
detection and prevention have once again moved back to the host systems 
themselves. In this paper, we describe our experiences with building BlueBox, a host- 
based intrusion detection system. Our approach, based on the technique of system call 
i ... 



3 Mobile code: Empowering mobile code using expressive security policies 84% 

Cft V. N. Venkatakrishnan , Ram Peri , R. Sekar 

— Proceedings of the 2002 workshop on New security paradigms September 2002 
Existing approaches for mobile code security tend to take a conservative view that 
mobile code is inherently risky, and hence focus on confining it. Such confinement is 
usually achieved using access control policies that restrict mobile code from taking any 
action that can potentially be used to harm the host system. While such policies can be 
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helpful in keeping "bad applets" in check, they preclude a large number of useful 
applets. We therefore take an alternative view of mobile code security, ... 



4 Data integrity: Web application security assessment by fault injection 84% 
and behavior monitoring 

Yao-Wen Huang , Shih-Kun Huang , Tsung-Po Lin , Chung-Hung Tsai 
Proceedings off the twelfth international conference on World Wide Web May 2003 
As a large and complex application platform, the World Wide Web is capable of 
delivering a broad range of sophisticated applications. However, many Web 
applications go through rapid development phases with extremely short turnaround 
time, making it difficult to eliminate vulnerabilities. Here we analyze the design of Web 
application security assessment mechanisms in order to identify poor coding practices 
that render Web applications vulnerable to attacks such as SQL injection and cross-site 
scr ... 



5 Intrusion detection: Specification-based anomaly detection: a new 84% 
2] approach for detecting network intrusions 

R. Sekar , A. Gupta , J. Frullo , T. Shanbhag , A. Tiwari , H. Yang , S. Zhou 
Proceedings of the 9th ACM conference on Computer and communications 
security November 2002 

Unlike signature or misuse based intrusion detection techniques, anomaly detection is 
capable of detecting novel attacks. However, the use of anomaly detection in practice 
is hampered by a high rate of false alarms. Specification-based techniques have been 
shown to produce a low rate of false alarms, but are not as effective as anomaly 
detection in detecting novel attacks, especially when it comes to network probing and 
denial-of-service attacks. This paper presents a new approach that combines ... 

© Session 1: creative mathematics: Model-Carrying Code (MCC): a new 82% 
paradigm for mobile-code security 

R. Sekar , C. R. Ramakrishnan , I. V. Ramakrishnan , S. A. Smolka 
Proceedings of the 2001 workshop on New security paradigms September 2001 
A new approach for ensuring the security of mobile code is proposed. Our approach 
enables a mobile-code consumer to understand and formally reason about what a 
piece of mobile code can do; check if the actions of the code are compatible with 
his/her security policies; and, if so, execute the code. The compatibility-checking 
process is automated, but if there are conflicts, consumers have the opportunity to 
refine their policies, taking into account the functionality provided by the mobile code. 



7 Enabling trusted software integrity 82% 

Darko Kirovski , Milenko Drinic , Miodrag Potkonjak 
— Tenth international conference on architectural support for programming 

languages and operating systems on Proceedings of the 10th international 

conference on architectural support for programming languages and operating 

systems (ASPLOS-X) October 2002 

Volume 37 , 30 , 36 Issue 10 , 5 , 5 

Preventing execution of unauthorized software on a given computer plays a pivotal 
role in system security. The key problem is that although a program at the beginning 
of its execution can be verified as authentic, while running, its execution flow can be 
redirected to externally injected malicious code using, for example, a buffer overflow 
exploit. Existing techniques address this problem by trying to detect the intrusion at 
run-time or by formally verifying that the software is not prone to a p ... 
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Intrusion detection: Enhancing byte-level network intrusion detection 80% 
signatures with context 

Robin Sommer , Vern Paxson 

Proceedings of the 3LOth ACM conference on Computer and communication 

security October 2003 

Many network intrusion detection systems (NIDS) use byte sequences as signatures to 
detect malicious activity. While being highly efficient, they tend to suffer from a high 
false-positive rate. We develop the concept of contextual signatures as an 
improvement of string-based signature-matching. Rather than matching fixed strings 
in isolation, we augment the matching process with additional context. When 
designing an efficient signature engine for the NIDS bro, we provide low-level 
context ... 



A high-performance network intrusion detection system 80% 

R. Sekar , Y. Guang , S. Verma , T. Shanbhag 

Proceedings of the 6th ACIM conference on Computer and communications 
security November 1999 

In this paper we present a new approach for network intrusion detection based on 
concise specifications that characterize normal and abnormal network packet 
sequences. Our specification language is geared for a robust network intrusion 
detection by enforcing a strict type discipline via a combination of static and dynamic 
type checking. Unlike most previous approaches in network intrusion detection, our 
approach can easily support new network protocols as information relating to the 
protoco ... 

3L(Q> Session 4: innovative solutions: AngeL: a tool to disarm computer 77% 
2| systems 

Danilo Bruschi , Emilia Rosti 

Proceedings of the 2002. workshop on New security paradigms September 2001 
In this paper we present a tool designed to intercept attacks at the host where they 
are launched so as to block them before they reach their targets. The tool works both 
for attacks targeted on the local host and on hosts connected to the network. In the 
current implementation it can detect and block more than 70 attacks as reported in 
the literature. The tool is based on the idea of improving the overall security of the 
Internet by connecting disarmed systems, i.e., hosts that cannot launch att ... 
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1 Intrusion detection: Specification-based anomaly detection: a new 80% 
Qj approach for detecting network intrusions 

R. Sekar , A. Gupta , J. Frullo , T. Shanbhag , A. Tiwari , H. Yang , S. Zhou 
Proceedings of the 9th ACM conference on Computer and communications 
security November 2002 

Unlike signature or misuse based intrusion detection techniques, anomaly detection is 
capable of detecting TTovel attacks. However, the use of anomaly detection in practice 
is hampered by a high rate of false alarms. Specification-based techniques have been 
shown to produce a low rate of false alarms, but are not as effective as anomaly 
detection in detecting novel attacks, especially when it comes to network probing and 
denial-of-service attacks. This paper presents a new approach that combines ... 
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1 Intrusion detection: Specification-based anomaly detection: a new 80% 
approach for detecting network intrusions 
R. Sekar , A. Gupta , J. Frullo , T. Shanbhag , A. Tiwari , H. Yang , S. Zhou 
Proceedings of the 9th &CM conference on Computer and communications 
security November 2002 

Unlike signature or misuse based intrusion detection techniques, anomaly detection is 
capable of detecting" novel attacks. However, the use of anomaly detection in practice 
is hampered by a high rate of false alarms. Specification-based techniques have been 
shown to produce a low rate of false alarms, but are not as effective as anomaly 
detection in detecting novel attacks, especially when it comes to network probing and 
denial-of-service attacks. This paper presents a new approach that combines ... 
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